Early this morning we released an update for Net-Worm.Win32.Mytob.eg.
Since then we’ve been seeing a clear increase in the number of samples.
This variant doesn’t really differ from earlier variants, it’s just a very basic Mytob. However, it is spreading which means that users should be on the lookout.
It spreads via email and contains a limited IRCBot which only has support for basic features such as downloading files.
As is usually the case with Mytob, the email message that brings the worm closes with a statement purporting to be from an antivirus company, saying that no viruses have been found.
This variant is spreading actively, so be smart, don’t be fooled.